'use strict'

module.exports = async (c,next) => {
    let token = c.headers.authorization || c.query.token;
    if(!token){
        return c.status(403).send('TOKEN NULL')
    }
    let r = c.service.tok.verify(token);
    if(!r.ok){
        return c.status(403).send(r.errcode)
    }

    //把成功验证后解密的用户数据放在c.box中
    c.box.user = r.data;
    await next();
}